Site Menu
- Policy & Standards
- University
- Institutional Data
- Disclosure or Exposure of Personal Information
- Responsible Use of University Computing and Network Resources
- Archives and Records Retention
- Merchant Services & Use of Credit Cards
- Deployment and Use of Wireless Data Networks
- Statement on Public Records
- Draft Identity Theft Red Flags
- State & Federal
- Institutional Data
- Training
- Tools & Templates
- Standards & Frameworks
- FAQ
- Alternative Identifiers
- Data Classification and Access Control
- Gramm-Leach-Bliley Training
- Identity Theft Red Flag Training
- Information Security Implementation Plan
- Institutional Data Policy
- Institutional Data Policy Training
- Red Flags
- Restricted Data
- Social Security Numbers
- University Security Standards
- Campus Resources
- Contact Us
- Site Map
What's New?
- Identity Theft Red Flags Training begins.
- Learn about an IT Security Framework.
Hot Topics
- Institutional Data Policy Training
- Restricted Data Elements
- Implementation Plan
- University Security Standards (UCSS)
- Relevant Federal Laws & Regulations
2008-2009 IT Security Implementation Plan update!
The dates for the quarterly implementation plan submissions have been updated to reflect the 2008-2009 schedule.
Incident Response
FACTA Red Flags FAQ
Below are commonly asked questions about the FACTA Red Flags regulation.
- What is the purpose of the FACTA Red Flags regulation?
- What is covered by the regulation?
- What is the definition of a financial institution or creditor?
- What steps are necessary for the university to take?
- What are the 26 red flags outlined in the regulation?
- Who should I contact if I have more questions?
Further Questions?
Please use the email form at the bottom of the page to contact us.
What is the purpose of the FACTA Red Flags regulation?
The purpose of the regulation is to detect and prevent identity theft by defining red flags or alerts that refer to a pattern, practice, or specific activity that indicates the possible existence of identity theft.
What is covered by the regulation?
Financial institutions and creditors (see definition below) with covered accounts are required to develop and implement identity theft prevention programs.
What is the definition of a financial institution or creditor?
The Federal Trade Commission has defined this very broadly as anyone who defers payment on a debt or anyone who defers payment on goods or services. Furthermore, a creditor is:
- Any entity that regularly extends, renews or continues credit
- Any entity that regularly arranges for the extension, renewal or continuation of credit
- Any assignee of an original creditor who is involved in the decision to extend, renew or continue credit
Based on this definition, there are many units at the university that sell goods and/or services with deferred payment (e.g. accounts receivable).
What steps are necessary for the university to take?
The university must develop a policy and program to identify and detect the relevant warning signs or red flags of identity theft. The policy must be approved by university leadership. University units will need to be educated on the appropriate actions steps that need to be taken when a red flag occurs.
What are the 26 red flags outlined in the regulation?
The complete list of red flags outlined in the regulation is available here: Red Flags
Who should I contact if I have more questions?
Contact Joyce Wagner (wagner.21), Data Privacy Administrator at (614) 247-8206 or use the e-mail form below.
Further Questions?
If your question is not listed in the above FAQ, please use the form below to contact the Identity Theft Red Flags support staff. We will respond to your inquiry as soon as possible.
